Verified suspension through other sources as the file in question self-terminated off of the server.
Shell-21 is in the antivirus filters from October 2008 as a known malware script. So far I haven't turned up any results of this being a false positive. What's not helping in your case is the fact that the scanner in question can only scan it if it's ran, so we know the file was ran. It downloaded it, scanned it, found it to be a shell bad enough to put x10hosting at risk, and suspended it.
The shell in question appears to be a variation of the C99 shell from what I can understand of the results kicked back. That's a no-no. This jives with several online "mass-antivirus-scan" reports where more than one antivirus was told to scan the same file. In one particular result, it scanned as PHP.Shell-21, PHP.Backdoor-X, PHP.Shell-X, PHP/C99ShellA, Trojan.C99, PHP.Shellbot.X, among others. Whatever was in that file isn't allowed no matter how you slice it.
